locked
how to protect MSMQ queue from receiving by remote machine? RRS feed

  • Question

  • hi,

    "To control access to MSMQ objects, MSMQ computers must log on to a Windows NT Server domain." Is there any alternative way to control access to MSMQ when it is installed in a workgroup environment?

    We are using MSMQ to communicate with other company's program. Two machines belongs to our company, the MSMQ is installed on machine A, a .NET program sending message to the MSMQ is installed on machine B. I want to authorize full control to windows account from machine B, and authorize only "Receive Message" permission to windows accuont from other compayn's machine.

    Thank you for your help.

    Saturday, August 7, 2010 2:26 AM

All replies

  • Are they all on the same domain?  If so, just add the permissions to the queue appropriately.  Otherwise if you're on the same domain as the computer you want to receivie the messages from, only give anonymous and everyone send permission on the queue, and lock down the rest of the permissions.  This should prevent non-domain members from reading from the queue.

    Also, by default, I don't believe a non-domain member can read from the queue (unless the second domain is trusted) since we establish a secure channel by default.  The default behavior can be modified though.  See the following link for more information: http://msdn.microsoft.com/en-us/library/ms699854(VS.85).aspx

    I hope this helps.

     

    Muhammed Ismail [MSFT]

     

    Thursday, September 2, 2010 3:36 PM